Download presentation
Presentation is loading. Please wait.
1
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th
2
Units of Protection Memory I/O devices Programs Data
3
Levels of Protection None Isolation –No sharing of processes or resources Share all or nothing –Public or private Limit access : permissions Limit users Dynamic sharing
4
Protection Schemes Control access to entities Decryption –Protects data and memory Access tokens –Protects devices and network nodes General techniques –Authentication –Authorization
5
Authentication Verifying that user is truly user Types: –Physical : Check IP address of machine –User : User id and password –Process : Thread is associated with proper user process
6
Physical Authentication Checks IP address of machine How secure? –Same technique used by web sites –IP addresses can be changed Requires knowledge Change too much, won’t match protocol details
7
User Authentication Key is password How secure? –Password must be complex enough Easy to guess if all lowercase Mix of letters, digits, and special characters –Store encrypted Hacker could read text file Encryption code stored separately
8
Process Authentication Most secure Uses process status register –Changed with each context switch –Hacker program would cause context switch Best hacker could do would be to deactivate this scheme
9
Firewalls Protects email Allows mail only from trusted sources Separates attachments to isolated areas
10
Web Traffic Security Secure Sockets Layer –Included in https secure protocol Authentication server –Uses credentials of user to create unique ticket and session key –Ticket encrypted using session key Secure cookie encryption –Return to previous web site –Prevents reroutes
11
Software Authentication Verify that software is authentic and can be trusted Trusted source for downloaded software Digital signature to ensure unaltered
12
Authorization schemes Limit access to only approved users, processes, or procedures Schemes: – –Permissions : mostly associated with users or groups – –Memory keys : protects data areas
13
Permissions UNIX has simple file protection mask Windows uses permission groups These protect files and directories
14
Permission Policy Commands Transfer Grant Delete Copy access Give access level Remove access
15
Memory Keys Used to protect specific data areas Memory key is binary bit pattern attached to data location Only process with same memory key can access
16
Security Access Matrix Most operating systems combine security techniques Combination is called “access matrix” Trick is finding most security with least cost and least impact to efficiency
17
Ring Architecture Concentric domains where innermost is most secure and outer is least Files are placed in appropriate ring Access to an inner ring is granted only through a monitored entry point –Entry requires appropriate authorization –Only one entry at a time; prevents piggybacking
18
Collapsed Access Matrix Collection of access control data Access Control List is column-based –List of all entities’ access to particular protected object Capacity is row-based –List of all permissions of a particular entity
19
Encryption Convert clear data to ciphered data and back again Encrypt() and decrypt() Types: –Private key : share encryption between trusted sources –Public key : support multiple interaction types
20
Private Key Encryption Symmetric : same key used to encrypt and decrypt Data Encryption Standard –Complex series of substitutions and permutations on smaller blocks –Pattern changes daily
21
Public Key Encryption Two-part data encryption –Uses a public one that is available to anyone wishing to interact with data location –Data encrypted with private one –Decrypt function sent to requestor if passes authorization
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.